Connect Legacy Windows (XP, 7, Server 2003, Server 2008) Agent to the Console

Article ID: 289042

Updated On: 04-14-2025

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to connect an Agent installed on Windows XP, Windows 7, Windows Server 2003 or Windows Server 2008 to the App Control Server.

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows XP (Service Pack 3)
  • Windows 7 (SP1)
  • Microsoft Windows Server 2003 (Service Pack 2)
  • Windows Server 2008 (SP2)
  • Windows Server 2008 R2 (SP1)

Resolution

Windows XP and Windows Server 2003

  1. Verify the endpoint can reach the Server Address (System Configuration > General) for the App Control Server.
  2. Verify that Windows Server 2003 and/or Windows XP are updated to the latest Service Pack with all Hotfixes applied.
    • Server 2003 requires KB3072630 and KB948963 for AES cipher support.
  3. Verify that the operating system hosting the App Control Server and the client Server 2003/XP OS share a matching TLS protocol and cipher suite.
    • A Matching Protocol can be:
      • TLS 1.0 (This is the highest TLS version available for Server 2003 and XP)
    • A Matching Cipher Suite can be:
      • TLS_RSA_WITH_AES_128_CBC_SHA (Server 2003 requires KB3072630 and KB948963)
      • TLS_RSA_WITH_AES_256_CBC_SHA (Server 2003 requires KB3072630 and KB948963)
      • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Windows 7 and Windows Server 2008

  1. Verify the endpoint can reach the Server Address (System Configuration > General) for the App Control Server.
  2. Verify the operating system is fully updated to the latest Service Pack with all Hotfixes applied.
    • Windows 7 and Windows Server 2008 R2 will also require:
      1. KB3140245: Update to add TLS 1.1 and 1.2 support in WinHTTP
      2. KB3080079: Update to add RDS support for TLS 1.1 and TLS 1.2
      3. Microsoft Easy Fix 51044 to add the DefaultSecureProtocols Registry entries for TLS 1.2 with WinHTTP
    • Windows Server 2008 SP2 will also require:
      1. KB4019276: Update to add support for TLS 1.1 and TLS 1.2
      2. KB4074621: Update to add RDS support for TLS 1.1 and TLS 1.2
      3. Manually adding the DefaultSecureProtocols Registry entries for TLS 1.2 with WinHTTP
        • 32-bit Path:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
        • 64-bit Path:
          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
        • DWORD Name: DefaultSecureProtocols
        • DWORD Decimal Value: 2048
  3. Verify that the operating system hosting the App Control Server and the client Server 2008/7 OS share a matching TLS protocol and cipher suite, examples:

Additional Information

  • Typically, TLS and cipher suite modifications must be made via the TLS Registry Settings, by managing TLS via GPO, or with a 3rd party tool like IISCrypto (use v1.6 for Server 2003).
  • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
  • Windows XP or Windows Server 2003 must be updated to the latest Service Pack with all Hotfixes applied.
  • The AES cipher suites on Server 2003 require installation of KB3072630 and the KB948963 patch, which is no longer available for download from Microsoft.
  • One can request KB948963 directly from Microsoft or download it from a 3rd party file repository like VirusTotal (requires account).
  • Windows Server 2022 does not support 3DES and older cipher suites by default.
  • The wmic qfe get hotfixid command, run from an administrative command prompt on the Windows 7 or Server 2008 endpoint(s), can confirm whether a KB mentioned is installed, for example:
    wmic qfe get hotfixid | find "KB4474419"
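
The hotfix and DefaultSecureProtocols checks from the Windows 7 and Windows Server 2008 steps can be combined into one PowerShell pass. This is an added example, not vendor-supplied code; it assumes PowerShell 2.0 or later on the endpoint, and the bit-flag table comes from Microsoft's documentation for KB3140245 rather than from this article.

```powershell
# Added example (not vendor code): confirm the KBs and the WinHTTP
# DefaultSecureProtocols value this article requires for TLS 1.2.

# KBs the article lists for Windows 7 and Windows Server 2008 R2.
# For Windows Server 2008 SP2, use 'KB4019276', 'KB4074621' instead.
$requiredKBs = 'KB3140245', 'KB3080079'

# Registry paths the article gives for DefaultSecureProtocols.
$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

# DefaultSecureProtocols is a bitmask; decimal 2048 = 0x800 = TLS 1.2 only.
$protocolBits = @{
    'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80
    'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}

# Get-HotFix reads the same Win32_QuickFixEngineering data as "wmic qfe".
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
foreach ($kb in $requiredKBs) {
    $state = if ($installed -contains $kb) { 'installed' } else { 'MISSING' }
    Write-Output ("{0}: {1}" -f $kb, $state)
}

foreach ($key in $winHttpKeys) {
    if (-not (Test-Path $key)) {
        # The Wow6432Node path does not exist on a 32-bit OS.
        Write-Output ("{0}: key not present" -f $key)
        continue
    }
    $prop = Get-ItemProperty -Path $key -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($prop -eq $null) {
        Write-Output ("{0}: DefaultSecureProtocols not set" -f $key)
        continue
    }
    $value = [int]$prop.DefaultSecureProtocols
    # List every protocol whose bit is set, lowest first.
    $enabled = $protocolBits.GetEnumerator() |
        Where-Object { $value -band $_.Value } |
        Sort-Object Value |
        ForEach-Object { $_.Key }
    $tls12 = if ($value -band 0x800) { 'TLS 1.2 enabled' } else { 'TLS 1.2 NOT enabled' }
    Write-Output ("{0}: value {1} (0x{1:X}) -> {2}; {3}" -f $key, $value, ($enabled -join ', '), $tls12)
}
```

A value that also shows SSL 2.0, SSL 3.0 or TLS 1.0 bits means WinHTTP can still negotiate those older protocols by default, which is worth reviewing on endpoints that only need to reach a TLS 1.2 server.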